Data scandals seem to be coming thick and fast these days. Every week it feels like a different company is hacked or wrapped up in some form of scandal involving the personal information of their customers. Let’s look at how and why it might be happening.
Last week, Under Armour announced that its fitness app MyFitnessPal had suffered a data breach in which the account data (usernames, email addresses and hashed passwords) of around 150 million users was taken. That news comes hot on the heels of the Facebook and Cambridge Analytica scandal, in which profile data harvested from at least 50 million Facebook users was passed on and used to target political advertising. Check out our blog on how to protect your Facebook data for more.
In September of last year, Equifax disclosed that attackers had stolen the personal information of around 145 million Americans, including names, Social Security numbers and dates of birth, after exploiting an unpatched vulnerability in a public-facing web application. Controversially, several senior executives sold shares in the company before the breach was announced.
The rise of data theft
So, in the space of a few months, three companies lost control of the data of around 345 million people. What's going on?
Well, all of these companies hold their data on internet-connected systems, so it is by nature reachable by remote attackers. That exposure cannot be eliminated if we want a seamless, slick digital world, but it can be reduced: keeping software patched, limiting which people and systems can reach personal data, and encrypting or properly hashing the most sensitive fields all shrink what an attacker can take when they do get in.
They are also large international companies that are not governed by a single set of data-handling rules. Meeting several overlapping regimes can lead to inconsistent controls across regions and systems, and inconsistencies are exactly the gaps attackers look for.
Securing data and preparing for breaches
According to a 2017 IAPP survey, preparing for and handling data breaches is the number one compliance risk keeping privacy professionals up at night. Are you one of them?
See the GDPR data breach summary below:
- The GDPR introduces a duty on all organisations to report personal data breaches to the relevant supervisory authority, unless the breach is unlikely to result in a risk to individuals. You must do this within 72 hours of becoming aware of the breach, where feasible.
- If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, you must also inform those individuals without undue delay.
- You should ensure you have robust breach detection, investigation and internal reporting procedures in place. This will facilitate decision-making about whether or not you need to notify the relevant supervisory authority and the affected individuals.
- You must also keep a record of any personal data breaches, regardless of whether you are required to notify.
In the digital age, any company could be the target of a data breach, which is why adhering to GDPR’s recommendations and rules is vital.
Adlantic is holding a GDPR Uncovered training event on the 1st of May. At this event, a fully qualified CIPP/E Data Protection expert, Hayley Jaffrey (CIPP-E CQP MCQI) will explain GDPR. Hayley provides expert practical guidance on how GDPR impacts your business, and more specifically your marketing activities and use of personal data.
IAPP and TrustArc, GDPR Non-Compliance Risks & Mitigation Strategies (joint survey), November 2017.